|
samhain prelude sensor - interface bind fails
OS: Debian 4.0
samhain: 2.5.5 libprelude2: 0.9.21.3 Hi there, need to bind my samhain sensor to send on specific interface. samhain is bound to XX.XX.XX.XX and works fine with yule server ( which is also prelude-manager ). Tcpdump shows that prelude trys to reach prelude-manager while sending from another addr on Client lets call it YY.YY.YY.YY. Question: Is there any known way to bind my prelude sensor to a fixed IP addr. Search on ids-prelude website/documentation returned nothing useful. Thanks for help and regards, Winter |
Just to make sure I understand, you wish to specify the default server IP address for the prelude client correct? If so, you can accomplish this by modifying /etc/prelude/default/client.conf and specifying the server-addr directive. If it is the bindings for the prelude manager, that can be accomplished by changing the listen directive in /etc/prelude-manager/prelude-manager.conf.
Hope that helps. Jon Hannah Sr. Network Engineer jhannah@hostmysite.com HostMySite.com |
Nope.
I want to bind my sensor to a specific IP Address on my sensor ( prelude client box ) so it sends to the prelude manager with the same IP Address all the time ( firewalling issues ). Regards. |
| All times are GMT -5. The time now is 10:04 PM. |